CVE-2017-3745

{"id": "CVE-2017-3745", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-06-20T00:29:00.360", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-13671", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@lenovo.com"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-13671", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers."}, {"lang": "es", "value": "En Lenovo XClarity Administrator (LXCA) en versiones anteriores a la 1.3.0, si se descargan datos del servicio desde LXCA, un usuario no administrativo podr\u00eda obtener acceso a informaci\u00f3n de contrase\u00f1as de usuarios que se han autenticado previamente en el servidor LDAP interno de LXCA, incluyendo las cuentas administrativas y las cuentas de servicio con privilegios administrativos. Esto solo es un problema para los usuarios que han empleado la autenticaci\u00f3n local con LXCA y no la autenticaci\u00f3n remota contra servidores LDAP o ADFS externos."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3749C239-F50B-483B-865F-6828A7AFEC14", "versionEndIncluding": "1.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@lenovo.com"}